Cryptology ePrint Archive: Report 2009/561

Improvements on two password-based authentication protocols

Yalin Chen1, Jue-Sam Chou2,* , Chun-Hui Huang3

Abstract: Recently, Liao et al. and Hölbl et al. each proposed a user authentication protocol, respectively. Both claimed that their schemes can withstand various attacks. However, Xiang et al. pointed out Liao et al.’s protocol suffers from three kinds of attacks, the replay attack, the guessing attack, and the Denial-of-service (DoS) attack. Moreover, we and Munilla et al. also found Hölbl et al.’s protocol suffers from the password guessing attack. In this paper, we will propose the two protocols’ improvements respectively. After analyses and comparisons, we conclude that our improvements are not only more secure but also more efficient in communication cost than all of the proposed password based schemes that we know.